Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-W3XX-PMR6-FVQG

Vulnerability from github – Published: 2025-09-08 00:30 – Updated: 2025-09-08 00:30
VLAI
Details

A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-07T22:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.",
  "id": "GHSA-w3xx-pmr6-fvqg",
  "modified": "2025-09-08T00:30:19Z",
  "published": "2025-09-08T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.enturmacao-em-lote.(ID)%60%20Endpoint.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10070.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323018"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323018"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644133"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W45C-7V99-7XPV

Vulnerability from github – Published: 2026-04-27 09:34 – Updated: 2026-04-27 09:34
VLAI
Details

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-27T07:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
  "id": "GHSA-w45c-7v99-7xpv",
  "modified": "2026-04-27T09:34:38Z",
  "published": "2026-04-27T09:34:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7091"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/higordiego/61e803a7a91df083665f2bcee9489c95"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/800387"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359666"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359666/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W465-RMM3-535R

Vulnerability from github – Published: 2025-02-28 09:30 – Updated: 2025-02-28 09:30
VLAI
Details

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-28T09:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the \u0027role\u0027 field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.",
  "id": "GHSA-w465-rmm3-535r",
  "modified": "2025-02-28T09:30:54Z",
  "published": "2025-02-28T09:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8420"
    },
    {
      "type": "WEB",
      "url": "https://codecanyon.net/item/dhvc-form-wordpress-form-for-visual-composer/8326593"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W47V-2QJ7-9M4M

Vulnerability from github – Published: 2024-11-04 18:31 – Updated: 2024-11-04 18:31
VLAI
Details

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-04T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-w47v-2qj7-9m4m",
  "modified": "2024-11-04T18:31:22Z",
  "published": "2024-11-04T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10764"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xiaobsss/CVE/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.282951"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.282951"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.436477"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W5Q8-RWWV-X78M

Vulnerability from github – Published: 2026-01-14 00:31 – Updated: 2026-01-14 00:31
VLAI
Details

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T23:15:57Z",
    "severity": "HIGH"
  },
  "details": "Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions.",
  "id": "GHSA-w5q8-rwwv-x78m",
  "modified": "2026-01-14T00:31:28Z",
  "published": "2026-01-14T00:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50927"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50773"
    },
    {
      "type": "WEB",
      "url": "https://www.vertiv.com/en-us"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/cyclades-serial-console-server-local-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W5XJ-99CG-RCCM

Vulnerability from github – Published: 2026-04-14 22:22 – Updated: 2026-05-29 21:46
VLAI
Summary
Decidim amendments can be accepted or rejected by anyone
Details

Impact

The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as people amending proposals are provided coauthorship on the coauthorable resources.

The only check done when accepting or rejecting amendments is whether the amendment reactions are enabled for the component: https://github.com/decidim/decidim/blob/9d6c3d2efe5a83bb02e095824ff5998d96a75eb7/decidim-core/app/permissions/decidim/permissions.rb#L107

The permission checks have been changed at 1b99136 which was introduced in released version 0.19.0. I have not investigated whether prior versions are also affected.

Patches

Not available

Workarounds

Disable amendment reactions for the amendable component (e.g. proposals).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "decidim-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.31.0.rc1"
            },
            {
              "fixed": "0.31.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "decidim-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.19.0"
            },
            {
              "fixed": "0.30.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T22:22:58Z",
    "nvd_published_at": "2026-04-21T20:17:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as people amending proposals are provided coauthorship on the coauthorable resources.\n\nThe only check done when accepting or rejecting amendments is whether the amendment reactions are enabled for the component:\nhttps://github.com/decidim/decidim/blob/9d6c3d2efe5a83bb02e095824ff5998d96a75eb7/decidim-core/app/permissions/decidim/permissions.rb#L107\n\nThe permission checks have been changed at 1b99136 which was introduced in released version 0.19.0. I have not investigated whether prior versions are also affected.\n\n### Patches\n\nNot available\n\n### Workarounds\nDisable amendment reactions for the amendable component (e.g. proposals).",
  "id": "GHSA-w5xj-99cg-rccm",
  "modified": "2026-05-29T21:46:09Z",
  "published": "2026-04-14T22:22:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40869"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decidim/decidim/commit/1b99136a1c7aa02616a0b54a6ab88d12907a57a9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/decidim/decidim"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2026-40869.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Decidim amendments can be accepted or rejected by anyone"
}

GHSA-W626-296M-8F85

Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-05-18 15:29
VLAI
Summary
Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-q3jj-46pq-826r. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T15:29:59Z",
    "nvd_published_at": "2026-05-11T18:16:39Z",
    "severity": "LOW"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-q3jj-46pq-826r. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.",
  "id": "GHSA-w626-296m-8f85",
  "modified": "2026-05-18T15:29:59Z",
  "published": "2026-05-11T18:31:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: OpenClaw\u0027s ACP child sessions inherit subagent security envelope constraints",
  "withdrawn": "2026-05-18T15:29:59Z"
}

GHSA-W626-5585-3JV3

Vulnerability from github – Published: 2025-01-02 15:31 – Updated: 2025-01-02 15:31
VLAI
Details

A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-02T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-w626-5585-3jv3",
  "modified": "2025-01-02T15:31:57Z",
  "published": "2025-01-02T15:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13109"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4#issue-2754670219"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.289925"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.289925"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.467695"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W62R-7C53-FMC5

Vulnerability from github – Published: 2025-11-21 15:31 – Updated: 2025-11-27 08:39
VLAI
Summary
Grafana Incorrect Privilege Assignment vulnerability
Details

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management.

In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privilege escalation.

This vulnerability applies only if all of the following conditions are met: - enableSCIM feature flag set to true - user_sync_enabled config option in the [auth.scim] block set to true

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.1.0"
            },
            {
              "fixed": "12.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.2.0"
            },
            {
              "fixed": "12.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.2-0.20250310110405-e6fdb746f235"
            },
            {
              "fixed": "1.9.2-0.20251106142618-ca5d89812015"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-41115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-21T18:11:52Z",
    "nvd_published_at": "2025-11-21T15:15:52Z",
    "severity": "CRITICAL"
  },
  "details": "SCIM provisioning was\u00a0introduced\u00a0in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management.\n\nIn Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privilege escalation.\n\nThis vulnerability applies only if\u00a0all\u00a0of the following conditions are met:\n- `enableSCIM`\u00a0feature flag set to true\n- `user_sync_enabled`\u00a0config option in the\u00a0`[auth.scim]`\u00a0block set to true",
  "id": "GHSA-w62r-7c53-fmc5",
  "modified": "2025-11-27T08:39:59Z",
  "published": "2025-11-21T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/commit/ca5d89812015ef2db3acc62826f73650450b331e"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-w62r-7c53-fmc5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/grafana"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/releases/tag/v12.0.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/releases/tag/v12.1.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/releases/tag/v12.2.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/releases/tag/v12.3.0"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/CVE-2025-41115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Grafana Incorrect Privilege Assignment vulnerability"
}

GHSA-W64X-6GX5-C298

Vulnerability from github – Published: 2025-12-23 00:30 – Updated: 2025-12-23 00:30
VLAI
Details

Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-22T22:16:02Z",
    "severity": "HIGH"
  },
  "details": "Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.",
  "id": "GHSA-w64x-6gx5-c298",
  "modified": "2025-12-23T00:30:31Z",
  "published": "2025-12-23T00:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53973"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51151"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/zillya-total-security-local-privilege-escalation-via-quarantine-module"
    },
    {
      "type": "WEB",
      "url": "https://zillya.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.